KR101687492B1 - Storing method of data dispersively and credential processing unit - Google Patents
- Publication number: KR101687492B1
- Authority: KR (South Korea)
- Prior art keywords
- data
- sub
- mask value
- location information
- memory
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/08—Error detection or correction by redundancy in data representation, e.g. by using checking codes
- G06F11/10—Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
- G06F11/1004—Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's to protect a block of data words, e.g. CRC or checksum
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
Description
The embodiments described below relate to a method of storing data and a cryptographic information processing apparatus, and more particularly, to a technique for storing important information such as a credential in a distributed manner at random positions in a nonvolatile memory.
When important information is stored without being encrypted, it may be exposed to the outside. Even when important information is encrypted before being stored, it can be easily exposed if the key used for encryption is stored as it is. In particular, because important information is usually stored at a predetermined position in the memory, there is a risk that it is directly exposed once an attacker knows nothing more than its storage location.
According to an embodiment, even if an attacker obtains some of the divided sub data, the attacker cannot determine the exact data without acquiring all of the distributed sub data.
According to an embodiment, by masking the data and the location information in which the data is stored with a separate mask value, the safety of all the data stored in the memory can be secured even if any one of them is exposed.
A method of storing data according to one aspect includes: dividing data into sub data; masking the sub data using a first mask value for the sub data; determining location information for storing the masked sub data in a memory; storing the masked sub data at an address corresponding to the location information; masking the location information using a second mask value; and storing the masked location information in the memory.
Masking the sub data may include: generating first mask values corresponding to each of the sub data, the first mask values being different from each other; and masking the sub data using the first mask values.
Masking the sub data may include: adding a cyclic redundancy code (CRC) to the sub data; and masking the sub data to which the CRC is added using the first mask value.
The step of masking the sub data may include adding a CRC to the masked sub data.
The location information may be within a predetermined address range specified in the memory, and the step of determining the location information may include randomly determining, within the predetermined address range, location information for storing the masked sub data.
Masking the location information may include: adding a CRC to the location information; and masking the location information to which the CRC is added using the second mask value.
The step of masking the location information may include adding a CRC to the masked location information.
The method of storing data may include: generating a first mask value for the sub data; and generating the second mask value for the location information.
The method of storing data may further include storing the first mask value and the second mask value in the memory.
The storing the first mask value and the second mask value in the memory may include scrambling the first mask value and the second mask value and storing the scrambled value in the memory.
The data may include cryptographic credentials.
The memory may comprise a non-volatile memory.
A cryptographic information processing apparatus according to one aspect includes a nonvolatile memory; and a processor that divides cryptographic information into sub data, first-encrypts the sub data, stores the first-encrypted sub data in a distributed manner in the nonvolatile memory, second-encrypts the location information corresponding to the addresses at which the first-encrypted sub data is stored, and stores the second-encrypted location information in the nonvolatile memory.
The processor may first-encrypt the sub data using a first mask value for the sub data, or using first mask values that correspond to each of the sub data and are different from each other.
The processor may add a CRC to the sub data and first-encrypt the sub data to which the CRC is added using the first mask value, or may first-encrypt the sub data by adding a CRC to the sub data masked with the first mask value.
The processor may add a CRC to the location information and second-encrypt the location information to which the CRC is added using the second mask value, or may second-encrypt the location information by adding a CRC to the location information masked with the second mask value.
The processor decrypts the second-encrypted location information, obtains the first-encrypted sub data based on the decrypted location information, and obtains the cryptographic information by decrypting the first-encrypted sub data.
The processor may perform a predetermined security operation using the cryptographic information.
The processor may receive the cryptographic information from an external device, or may generate the cryptographic information based on a predetermined algorithm.
According to one aspect of the present invention, data is divided into sub data and the divided sub data is stored in a distributed manner in a memory, so that an attacker cannot determine the exact data without acquiring all of the distributed sub data.
According to one aspect of the present invention, it is possible to prevent the acquisition of the entire dispersed data by encrypting each of the divided sub data.
According to an aspect of the present invention, even if any one of the sub data and the sub data is stored, the entire data stored in the memory can be secured.
According to one aspect of the present invention, an attacker's accessibility to data and location information can be blocked by re-encrypting and storing the mask value used to encrypt the data and location information.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a diagram for explaining a method of storing data and a method of reading data according to an embodiment.
FIG. 2 is a flow diagram illustrating a method for storing data in accordance with one embodiment.
FIG. 3 is a diagram for explaining a method of masking data according to an embodiment.
FIG. 4 is a diagram for explaining a method of adding a CRC according to an embodiment.
FIG. 5 is a flow diagram illustrating a method for storing data in accordance with another embodiment.
FIG. 6 is a block diagram of a cryptographic information processing apparatus according to an embodiment.
In the following, embodiments will be described in detail with reference to the accompanying drawings. Like reference symbols in the drawings denote like elements.
Various modifications may be made to the embodiments described below. It is to be understood that the embodiments described below are not intended to limit the embodiments, but include all modifications, equivalents, and alternatives to them.
The terms used in the examples are used only to illustrate specific embodiments and are not intended to limit the embodiments. The singular expressions include plural expressions unless the context clearly dictates otherwise. In this specification, the terms "comprises" or "having" and the like refer to the presence of stated features, integers, steps, operations, elements, components, or combinations thereof, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, or combinations thereof.
Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this embodiment belongs. Terms such as those defined in commonly used dictionaries are to be interpreted as having a meaning consistent with their meaning in the context of the related art, and are not to be interpreted in an ideal or overly formal sense in the present application.
In the following description with reference to the accompanying drawings, the same components are denoted by the same reference numerals regardless of the drawing numbers, and redundant explanations thereof will be omitted. In the following description of the embodiments, a detailed description of related arts will be omitted if it is determined that it may unnecessarily obscure the gist of the embodiments.
FIG. 1 is a diagram for explaining a method of storing data and a method of reading data according to an embodiment.
Referring to FIG. 1, a method of storing data in a
The processing apparatus may divide the
The processing unit may mask the
The processing unit determines
The processing unit may protect the
The process of reading the randomly distributed data in the
The processing apparatus reads the
The processing apparatus can read the information (sub data 185) stored at the corresponding position in the
The processing device can repeat the above procedure to read all of the sub-data 185 stored in the
In one embodiment, the processing device can increase security by using both the
The processing apparatus according to an embodiment may divide and mask data in a different form each time when data is stored, and then distribute the data at a random location so that the type of data finally stored in the memory changes each time. Even if the attacker reads the data stored in the memory, it is difficult for the attacker to recover the original data due to the union of the data.
FIG. 2 is a flow diagram illustrating a method for storing data in accordance with one embodiment.
Referring to FIG. 2, a processing apparatus according to an embodiment divides data into sub data (210). The processing apparatus can divide data into sub data in consideration of the security level required by the user or the system, required performance, and the like. The processing unit may divide the data into predetermined sizes, such as, for example, 2 bytes or 4 bytes. Alternatively, if the user requires a high level of security, it may be divided into a predetermined size of 5 bytes or more, and may be divided into a predetermined size of 2 bytes or less if the user requests high performance.
The processing unit masks the sub data using the first mask value (220). In this case, the first mask value may be a common value for the sub data, or may be a different value for each of the sub data. The first mask value(s) may be a random value generated in the processing unit. The processing unit can mask the sub data by combining the sub data with the mask value, so that an attacker cannot determine the original information (sub data) without knowing the mask value. The method by which the processing device masks the data and/or location information using the mask value will be described with reference to FIG.
In
The processing device determines 230 the location information to store the masked sub-data in the memory. The processing apparatus can determine the random position in the memory as the position information. At this time, the processing apparatus can determine the location information within a predetermined address range (for example,
The processor may initialize the entire predetermined range of addresses within the memory to random data prior to storing the information in the memory.
The processing unit stores the masked sub data at an address corresponding to the position information determined in step 230 (240).
The processing device masks the location information using the second mask value (250). The second mask value may be a mask value for hiding the position information determined in
In
The processing device stores the masked location information in a memory (260).
FIG. 3 is a diagram for explaining a method of masking data according to an embodiment.
Referring to FIG. 3, a
At this time, if the processing unit adds the
The processing unit may mask each of the divided sub data with a different mask value, thereby making it difficult to confirm the data stored in the memory.
FIG. 4 is a diagram for explaining a method of adding a CRC according to an embodiment.
Referring to FIG. 4, an operation principle of error checking using CRC and a method of adding CRC to data are shown.
For example, if the data to be stored in the memory is M(x) (410) of m bits, the processing unit can perform an error control function by generating an error detection code using a generator polynomial G(x) of n+1 bits. M(x) 410 may be "101101001" and G(x) 430 may be "100101".
The processing apparatus can obtain the checksum information ("00010") by dividing the data M(x) ("101101001") 410 by the generator polynomial G(x) ("100101") 430. In FIG. 4, the processing unit obtains a space of n bits (for example, 5 bits) to hold the remainder after the
The checksum information is a residual value obtained in the division operation, and may correspond to a CRC added to sub data or position information in one embodiment.
The processing apparatus can transmit (store) "10110100100010", which is the data M(x) ("101101001") with the checksum information ("00010") appended.
In the data reading process, the processing unit divides the m+n-bit data 450 ("10110100100010") transferred to (stored in) the memory by the generator polynomial G(x), and can thereby confirm whether an error has occurred. The processor determines that there is no error in the data stored in the memory if the remainder obtained from the computation is 0, and can determine that an error has occurred if it is not.
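The FIG. 4 division carried through on the values given above, as an added example that is not code from the patent; the function names are hypothetical. It goes one step beyond the text by showing that every single-bit change is caught while a change equal to a shifted copy of G(x) is not, which is why a CRC detects accidental errors only.

```python
M = "101101001"   # data M(x) from the description
G = "100101"      # generator polynomial G(x) from the description (n = 5)


def mod2_remainder(bits: str, gen: str) -> str:
    """Remainder of modulo-2 (XOR) long division, returned as len(gen)-1 bits."""
    work = [int(b) for b in bits]
    g = [int(b) for b in gen]
    for i in range(len(work) - len(g) + 1):
        if work[i]:                      # leading bit set: subtract (XOR) the generator
            for j, gb in enumerate(g):
                work[i + j] ^= gb
    return "".join(str(b) for b in work[-(len(g) - 1):])


def append_crc(message: str, gen: str) -> str:
    """Reserve n zero bits after the message, divide, and append the remainder."""
    n = len(gen) - 1
    return message + mod2_remainder(message + "0" * n, gen)


def check(stored: str, gen: str) -> bool:
    """Read-side check: the stored word is accepted when the remainder is all zero."""
    return set(mod2_remainder(stored, gen)) == {"0"}


def flip(bits: str, pattern: str, offset: int) -> str:
    """XOR `pattern` into `bits` starting at `offset` (models a change to the stored word)."""
    out = list(bits)
    for k, p in enumerate(pattern):
        if p == "1":
            out[offset + k] = "0" if out[offset + k] == "1" else "1"
    return "".join(out)


if __name__ == "__main__":
    stored = append_crc(M, G)
    print("checksum:", mod2_remainder(M + "00000", G))
    print("stored  :", stored, "ok" if check(stored, G) else "error")
    # Any single flipped bit leaves a non-zero remainder.
    print("single-bit flips detected:",
          all(not check(flip(stored, "1", i), G) for i in range(len(stored))))
    # XOR-ing in a shifted copy of G(x) changes the word but keeps the remainder zero.
    forged = flip(stored, G, 3)
    print("changed word", forged, "still passes:", check(forged, G))
```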
FIG. 5 is a flow diagram illustrating a method for storing data in accordance with another embodiment.
Referring to FIG. 5, the processing unit may divide (505) the data into sub-data of a predetermined size and generate 510 the first mask values for each of the sub-data.
The processing unit may add (515) a CRC to the subdata and mask (520) the subdata with the CRC added thereto using the first mask values.
The processing device may randomly determine location information to store the masked sub-data in a certain address range (step 525).
The processing unit may store the masked sub data at an address corresponding to the position information (530).
The processing unit may generate a second mask value for position information (535) and may mask the position information using the second mask value (540).
The processing unit may add the CRC to the masked location information (545).
The processing unit may store the masked location information, with the CRC appended, in the memory (550).
The processing device may scramble the first mask value and the second mask value and store the value in memory (555). Here, 'scramble' can be understood as encoding or encrypting the signal in an appropriate manner. The processing unit may store the scrambled first mask value and the second mask value at a particular location in the memory.
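The FIG. 5 store flow together with the read path described for the apparatus, as an added example that is not code from the patent. It assumes XOR as the masking operation, CRC-16 from Python's `binascii.crc_hqx`, a SHAKE-256 keystream under a constructed `DEVICE_KEY` as a stand-in for the unspecified scramble step, and a dictionary in place of the nonvolatile memory; all names and sizes are hypothetical.

```python
import binascii
import hashlib
import secrets

CHUNK = 4            # sub-data size in bytes (the description gives 2 or 4 as examples)
REC = CHUNK + 2      # one stored record: sub data plus a 16-bit CRC
REGION = 252         # assumed size of the address range reserved for sub data
DEVICE_KEY = b"constructed-demo-key"   # assumption: a secret held outside the memory


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc(b: bytes) -> bytes:
    return binascii.crc_hqx(b, 0).to_bytes(2, "big")


def scramble(blob: bytes, nonce: bytes) -> bytes:
    # Stand-in for the 'scramble' step (555): XOR with a keystream, so it is its own inverse.
    return xor(blob, hashlib.shake_256(DEVICE_KEY + nonce).digest(len(blob)))


def store(data: bytes) -> dict:
    padded = data + bytes(-len(data) % CHUNK)
    subs = [padded[i:i + CHUNK] for i in range(0, len(padded), CHUNK)]      # 505
    masks1 = [secrets.token_bytes(REC) for _ in subs]                       # 510, one per sub data
    region = bytearray(secrets.token_bytes(REGION))    # range pre-filled with random data
    slots = secrets.SystemRandom().sample(range(REGION // REC), len(subs))  # 525
    mask2 = secrets.token_bytes(2)                                          # 535
    table = b""
    for sub, m1, slot in zip(subs, masks1, slots):
        addr = slot * REC
        region[addr:addr + REC] = xor(sub + crc(sub), m1)                   # 515, 520, 530
        masked_loc = xor(addr.to_bytes(2, "big"), mask2)                    # 540
        table += masked_loc + crc(masked_loc)                               # 545, 550
    nonce = secrets.token_bytes(8)
    masks = scramble(b"".join(masks1) + mask2, nonce)                       # 555
    return {"region": bytes(region), "table": table, "masks": masks,
            "nonce": nonce, "length": len(data)}


def load(image: dict) -> bytes:
    n = len(image["table"]) // 4
    blob = scramble(image["masks"], image["nonce"])
    masks1, mask2 = [blob[i * REC:(i + 1) * REC] for i in range(n)], blob[n * REC:]
    out = b""
    for i in range(n):
        entry = image["table"][4 * i:4 * i + 4]
        if crc(entry[:2]) != entry[2:]:          # CRC was added to the masked location
            raise ValueError("location entry %d failed CRC" % i)
        addr = int.from_bytes(xor(entry[:2], mask2), "big")
        rec = xor(image["region"][addr:addr + REC], masks1[i])
        if crc(rec[:CHUNK]) != rec[CHUNK:]:      # CRC was added before masking
            raise ValueError("sub data %d failed CRC" % i)
        out += rec[:CHUNK]
    return out[:image["length"]]


if __name__ == "__main__":
    credential = bytes(range(30))                # constructed sample credential
    image = store(credential)
    print("round trip ok:", load(image) == credential)
    print("image differs on second store:", store(credential)["region"] != image["region"])
```

Because the masks are stored alongside the masked values, reading the credential back needs only the image plus whatever the scramble step depends on, so that dependency (`DEVICE_KEY` here) is the part to protect.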
FIG. 6 is a block diagram of a cryptographic information processing apparatus according to an embodiment.
Referring to FIG. 6, a cryptographic
The
The
The
The
The
The
The
In addition, the
The
The cryptographic
The method according to an embodiment of the present invention can be implemented in the form of a program command which can be executed through various computer means and recorded in a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The program instructions recorded on the medium may be those specially designed and constructed for the present invention or may be available to those skilled in the art of computer software. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape; optical media such as CD-ROMs and DVDs; magnetic media such as floppy disks; Magneto-optical media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.
While the invention has been shown and described with reference to certain preferred embodiments thereof, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Therefore, the scope of the present invention should not be construed as being limited to the embodiments described, but should be determined by equivalents to the appended claims, as well as the appended claims.
600: Cryptographic information processing device
610: Nonvolatile memory
630: Processor
650: Bus
Claims (20)
Generating first mask values corresponding to each of the sub data, the first mask values being different from each other;
Masking the sub data using the first mask values;
Determining location information for storing the masked sub-data in a memory;
Storing the masked sub-data at an address corresponding to the location information;
Masking the location information using a second mask value; and
Storing the masked location information in the memory
The step of masking the sub-data
Adding a CRC (Cyclic Redundancy Code) to the sub-data; and
Masking the sub-data to which the CRC is added using the first mask value
The step of masking the sub-data
Adding CRC to the masked sub-data
The location information
is within a predetermined address range specified in the memory,
The step of determining the location information
Randomly determining location information for storing the masked sub-data within the predetermined address range
The step of masking the location information
Adding a CRC to the location information; and
Masking the location information to which the CRC is added using the second mask value
The step of masking the location information
Adding CRC to the masked location information
Generating a first mask value for the sub-data; and
Generating the second mask value for the location information
Storing the first mask value and the second mask value in the memory
Wherein storing the first mask value and the second mask value in the memory comprises:
Scrambling the first mask value and the second mask value and storing the scrambled value in the memory
The data
includes cryptographic credentials.
The memory
comprises a non-volatile memory.
Encrypting the subdata using the first mask value for the subdata, or dividing the first mask values corresponding to each of the subdata by the first mask value, And the first encrypted sub-data are distributedly stored in the nonvolatile memory, and the first encrypted sub-data is stored in a position corresponding to the address where the first encrypted sub-data is stored Encrypts the second encrypted location information, and stores the second encrypted location information in the non-volatile memory.
The cryptographic information processing apparatus comprising:
The processor
Adding the CRC to the sub data, adding the CRC added sub data to the first data using the first mask value, or adding the CRC to the sub data that is masked by the first mask value And the first encryption unit encrypts the sub data.
The processor
Adding the CRC to the positional information, performing second encryption using the second mask value, or adding a CRC to the masked positional information using the second mask value, To the second cryptographic information processing apparatus.
The processor
A cryptographic method for decrypting the second encrypted location information, obtaining the first encrypted subdata based on the decrypted location information, and obtaining the cryptographic information by decrypting the first encrypted subdata, Information processing device.
The processor
And performs a predetermined security operation using the cryptographic information.
The processor
And receives the cryptographic information from an external device or generates the cryptographic information based on a predetermined algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150111181A KR101687492B1 (en) | 2015-08-06 | 2015-08-06 | Storing method of data dispersively and credential processing unit |
Publications (1)
Publication Number | Publication Date |
---|---|
KR101687492B1 (en) | 2016-12-16 |
Family
ID=57735618
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150111181A KR101687492B1 (en) | 2015-08-06 | 2015-08-06 | Storing method of data dispersively and credential processing unit |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101687492B1 (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20080073345A (en) * | 2005-11-21 | 2008-08-08 | 아트멜 코포레이션 | Encryption protection method |
KR20090042313A (en) * | 2006-08-14 | 2009-04-29 | 콸콤 인코포레이티드 | Method and apparatus to enable the cooperative signaling of a shared bus interrupt in a multi-rank memory subsystem |
KR20090052130A (en) * | 2007-11-20 | 2009-05-25 | 주식회사 안철수연구소 | Data protection method using data partition |
JP2015045961A (en) * | 2013-08-27 | 2015-03-12 | 株式会社東芝 | Information processor, monitor camera unit and image reproduction apparatus |
-
2015
- 2015-08-06 KR KR1020150111181A patent/KR101687492B1/en active IP Right Grant
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101889062B1 (en) | 2018-02-28 | 2018-08-17 | (주)케이포스트 | Server and method for generating security file |
CN113378202A (en) * | 2021-06-29 | 2021-09-10 | 湖南盈聚信息技术有限公司 | Multi-dimensional data security storage system based on big data |
CN113378202B (en) * | 2021-06-29 | 2022-05-03 | 湖南盈聚信息技术有限公司 | Multi-dimensional data security storage system based on big data |
CN116821942A (en) * | 2023-08-30 | 2023-09-29 | 北京紫光青藤微***有限公司 | Method and system for writing data |
CN116821942B (en) * | 2023-08-30 | 2023-12-22 | 北京紫光青藤微***有限公司 | Method and system for writing data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
E90F | Notification of reason for final refusal | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant | ||
FPAY | Annual fee payment |
Payment date: 20191007 Year of fee payment: 4 |